diff --git a/krebs/2configs/shack/muell_mail.nix b/krebs/2configs/shack/muell_mail.nix
index a41dbc977..5ae80d780 100644
--- a/krebs/2configs/shack/muell_mail.nix
+++ b/krebs/2configs/shack/muell_mail.nix
@@ -6,7 +6,7 @@ let
url = "https://git.shackspace.de/rz/muell_mail";
rev = "861ec25ab22797d8961efb32e72d79e113aa9f0f";
sha256 = "sha256:18cw95zbr7isv4cw80cbpd84n5z208fwh5390i6j10jkn398mjq2";
- }) {};
+ }) { mkYarnPackage = pkgs.yarn2nix-moretea.mkYarnPackage; };
home = "/var/lib/muell_mail";
cfg = toString <secrets/shack/muell_mail.js>;
in {
diff --git a/krebs/2configs/shack/prometheus/server.nix b/krebs/2configs/shack/prometheus/server.nix
index 12f757e89..7f6f38610 100644
--- a/krebs/2configs/shack/prometheus/server.nix
+++ b/krebs/2configs/shack/prometheus/server.nix
@@ -28,7 +28,6 @@
"-storage.local.index-cache-size.label-name-to-label-values 2097152"
"-storage.local.index-cache-size.label-pair-to-fingerprints 41943040"
];
- alertmanagerURL = [ "http://localhost:9093" ];
rules = [
''
ALERT node_down
@@ -161,6 +160,12 @@
];
}
];
+ alertmanagers = [
+ { scheme = "http";
+ path_prefix = "/";
+ static_configs = [ { targets = [ "localhost:9093" ]; } ];
+ }
+ ];
alertmanager = {
enable = true;
listenAddress = "0.0.0.0";
diff --git a/krebs/3modules/rtorrent.nix b/krebs/3modules/rtorrent.nix
index 09e552010..d59569317 100644
--- a/krebs/3modules/rtorrent.nix
+++ b/krebs/3modules/rtorrent.nix
@@ -333,18 +333,18 @@ let
rutorrent-imp = {
services.phpfpm = {
# phpfpm does not have an enable option
- poolConfigs = {
- rutorrent = ''
- user = ${nginx-user}
- group = ${nginx-group}
- listen = ${fpm-socket}
- listen.owner = ${nginx-user}
- listen.group = ${nginx-group}
- pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
+ pools.rutorrent = {
+ user = nginx-user;
+ group = nginx-group;
+ listen = fpm-socket;
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 5;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 3;
+ };
+ extraConfig = ''
chdir = /
php_admin_value[error_log] = 'stderr'
php_admin_flag[log_errors] = on
diff --git a/makefu/0tests/data/secrets/mysql_rootPassword b/makefu/0tests/data/secrets/mysql_rootPassword
new file mode 100644
index 000000000..e69de29bb
diff --git a/makefu/1systems/x/config.nix b/makefu/1systems/x/config.nix
index ad9a3324b..ea18c68ac 100644
--- a/makefu/1systems/x/config.nix
+++ b/makefu/1systems/x/config.nix
@@ -58,7 +58,7 @@
# Krebs
<stockholm/makefu/2configs/tinc/retiolum.nix>
- # <stockholm/makefu/2configs/share/gum-client.nix>
+ <stockholm/makefu/2configs/share/gum-client.nix>
# <stockholm/makefu/2configs/share/temp-share-samba.nix>
@@ -93,23 +93,18 @@
<stockholm/makefu/2configs/binary-cache/lass.nix>
# Hardware
- <stockholm/makefu/2configs/hw/tp-x230.nix>
+ <stockholm/makefu/2configs/hw/tp-x230.nix> # + bluetooth
# <stockholm/makefu/2configs/hw/mceusb.nix>
- # <stockholm/makefu/2configs/hw/tpm.nix>
+ <stockholm/makefu/2configs/hw/tpm.nix>
# <stockholm/makefu/2configs/hw/rtl8812au.nix>
<stockholm/makefu/2configs/hw/network-manager.nix>
# <stockholm/makefu/2configs/hw/stk1160.nix>
# <stockholm/makefu/2configs/hw/irtoy.nix>
# <stockholm/makefu/2configs/hw/malduino_elite.nix>
<stockholm/makefu/2configs/hw/switch.nix>
- <stockholm/makefu/2configs/hw/bluetooth.nix>
# <stockholm/makefu/2configs/hw/rad1o.nix>
<stockholm/makefu/2configs/hw/smartcard.nix>
-
- {
- services.upower.enable = true;
- users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
- }
+ <stockholm/makefu/2configs/hw/upower.nix>
# Filesystem
<stockholm/makefu/2configs/fs/sda-crypto-root-home.nix>
@@ -147,9 +142,6 @@
];
};
}
- # {
- # services.zerotierone.enable = true;
- # }
];
@@ -167,12 +159,8 @@
krebs.build.host = config.krebs.hosts.x;
- krebs.tinc.retiolum.connectTo = [ "omo" "gum" "prism" "nextgum" ];
+ krebs.tinc.retiolum.connectTo = [ "omo" "prism" "nextgum" "wbob" ];
- networking.extraHosts = ''
- 192.168.1.11 omo.local
- 80.92.65.53 www.wifionice.de wifionice.de
- '';
# hard dependency because otherwise the device will not be unlocked
boot.initrd.luks.devices = [ { name = "luksroot"; device = "/dev/sda2"; allowDiscards=true; }];
# avoid full boot dir
@@ -199,13 +187,4 @@
services.syncthing.user = lib.mkForce "makefu";
services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
- # latest kernel (5.0) has issues with wifi card
- boot.kernelPackages = pkgs.linuxPackages;
- # Bugfix for wifi card
- powerManagement.resumeCommands = ''
- sleep 2
- echo 1 > /sys/bus/pci/devices/0000:03:00.0/remove
- sleep 3
- echo 1 > /sys/bus/pci/rescan
- '';
}
diff --git a/makefu/2configs/deployment/owncloud.nix b/makefu/2configs/deployment/owncloud.nix
index 6f073fd4c..59dfa3203 100644
--- a/makefu/2configs/deployment/owncloud.nix
+++ b/makefu/2configs/deployment/owncloud.nix
@@ -110,6 +110,10 @@ let
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Download-Options noopen;
+ add_header X-Permitted-Cross-Domain-Policies none;
+
# Optional: Don't log access to assets
access_log off;
'';
@@ -118,23 +122,25 @@ let
access_log off;
'';
};
- services.phpfpm.poolConfigs."${domain}" = ''
- listen = ${socket}
- user = nginx
- group = nginx
- pm = dynamic
- pm.max_children = 32
- pm.max_requests = 500
- pm.start_servers = 2
- pm.min_spare_servers = 2
- pm.max_spare_servers = 5
- listen.owner = nginx
- listen.group = nginx
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
- catch_workers_output = yes
- '';
+ services.phpfpm.pools."${domain}" = {
+ user = "nginx";
+ group = "nginx";
+ listen = socket;
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 32;
+ "pm.max_requests" = 500;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 2;
+ "pm.max_spare_servers" = 5;
+ };
+ extraConfig = ''
+ php_admin_value[error_log] = 'stderr'
+ php_admin_flag[log_errors] = on
+ env[PATH] = ${lib.makeBinPath [ pkgs.php ]}
+ catch_workers_output = yes
+ '';
+ };
services.phpfpm.phpOptions = ''
opcache.enable=1
opcache.enable_cli=1
@@ -171,27 +177,29 @@ in {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.redis.enable = true;
- services.mysql = {
- enable = false;
- package = pkgs.mariadb;
- rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
- initialDatabases = [
- # Or use writeText instead of literalExample?
- #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
- {
- name = "nextcloud";
- schema = pkgs.writeText "nextcloud.sql"
- ''
- create user if not exists 'nextcloud'@'localhost' identified by 'password';
- grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
- '';
- }
- ];
- };
+
+ #services.mysql = {
+ # enable = false;
+ # package = pkgs.mariadb;
+ # rootPassword = config.krebs.secret.files.mysql_rootPassword.path;
+ # initialDatabases = [
+ # # Or use writeText instead of literalExample?
+ # #{ name = "nextcloud"; schema = literalExample "./nextcloud.sql"; }
+ # {
+ # name = "nextcloud";
+ # schema = pkgs.writeText "nextcloud.sql"
+ # ''
+ # create user if not exists 'nextcloud'@'localhost' identified by 'password';
+ # grant all privileges on nextcloud.* to 'nextcloud'@'localhost' identified by 'password';
+ # '';
+ # }
+ # ];
+ #};
+
# dataDir is only defined after mysql is enabled
- # krebs.secret.files.mysql_rootPassword = {
- # path = "${config.services.mysql.dataDir}/mysql_rootPassword";
- # owner.name = "root";
- # source-path = toString <secrets> + "/mysql_rootPassword";
- # };
+ #krebs.secret.files.mysql_rootPassword = {
+ # path = "${config.services.mysql.dataDir}/mysql_rootPassword";
+ # owner.name = "root";
+ # source-path = toString <secrets> + "/mysql_rootPassword";
+ #};
}
diff --git a/makefu/2configs/hw/tp-x230.nix b/makefu/2configs/hw/tp-x230.nix
index a6ded0a3e..37d1affb7 100644
--- a/makefu/2configs/hw/tp-x230.nix
+++ b/makefu/2configs/hw/tp-x230.nix
@@ -7,7 +7,6 @@ with import <stockholm/lib>;
# configured media keys inside awesomerc
# sound.mediaKeys.enable = true;
- hardware.bluetooth.enable = true;
# possible i915 powersave options:
# options i915 enable_rc6=1 enable_fbc=1 semaphores=1
diff --git a/makefu/2configs/hw/tp-x2x0.nix b/makefu/2configs/hw/tp-x2x0.nix
index 5570bec55..564925db5 100644
--- a/makefu/2configs/hw/tp-x2x0.nix
+++ b/makefu/2configs/hw/tp-x2x0.nix
@@ -4,6 +4,7 @@
imports = [
./tpm.nix
./ssd.nix
+ ./bluetooth.nix
];
boot.kernelModules = [
diff --git a/makefu/2configs/hw/upower.nix b/makefu/2configs/hw/upower.nix
new file mode 100644
index 000000000..a3932fed3
--- /dev/null
+++ b/makefu/2configs/hw/upower.nix
@@ -0,0 +1,6 @@
+{ pkgs, ... }:
+{
+ services.upower.enable = true;
+ users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
+}
+
diff --git a/makefu/2configs/nginx/euer.mon.nix b/makefu/2configs/nginx/euer.mon.nix
index 765fef535..c9db15b73 100644
--- a/makefu/2configs/nginx/euer.mon.nix
+++ b/makefu/2configs/nginx/euer.mon.nix
@@ -32,7 +32,7 @@ in {
auth_basic "Needs Autherization to visit";
auth_basic_user_file ${authFile};
proxy_http_version 1.1;
- proxy_set_header Host $http_host;
+ proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect off;
'';
diff --git a/makefu/2configs/nginx/euer.wiki.nix b/makefu/2configs/nginx/euer.wiki.nix
index 732c27784..a6766eeec 100644
--- a/makefu/2configs/nginx/euer.wiki.nix
+++ b/makefu/2configs/nginx/euer.wiki.nix
@@ -23,25 +23,22 @@ let
in {
state = [ base-dir ];
services.phpfpm = {
- # phpfpm does not have an enable option
- poolConfigs = {
- euer-wiki = ''
- user = ${user}
- group = ${group}
- listen = ${fpm-socket}
- listen.owner = ${user}
- listen.group = ${group}
- env[twconf] = ${base-cfg};
- pm = dynamic
- pm.max_children = 5
- pm.start_servers = 2
- pm.min_spare_servers = 1
- pm.max_spare_servers = 3
- chdir = /
- php_admin_value[error_log] = 'stderr'
- php_admin_flag[log_errors] = on
- catch_workers_output = yes
- '';
+ pools.euer-wiki = {
+ inherit user group;
+ listen = fpm-socket;
+ settings = {
+ "pm" = "dynamic";
+ "pm.max_children" = 5;
+ "pm.start_servers" = 2;
+ "pm.min_spare_servers" = 1;
+ "pm.max_spare_servers" = 3;
+ "chdir" = "/";
+ "php_admin_value[error_log]" = "stderr";
+ "php_admin_flag[log_errors]" = "on";
+ "catch_workers_output" = "yes";
+
+ };
+ phpEnv.twconf = base-cfg;
};
};
diff --git a/makefu/2configs/tools/pcmanfm-extra.nix b/makefu/2configs/tools/pcmanfm-extra.nix
index 2d5d20f80..f28f9a91a 100644
--- a/makefu/2configs/tools/pcmanfm-extra.nix
+++ b/makefu/2configs/tools/pcmanfm-extra.nix
@@ -7,5 +7,5 @@
lxmenu-data
];
environment.variables.GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ];
- services.gnome3.gvfs.enable = true;
+ services.gvfs.enable = true;
}
diff --git a/makefu/3modules/opentracker.nix b/makefu/3modules/opentracker.nix
index 202231fa1..6c65b82b6 100644
--- a/makefu/3modules/opentracker.nix
+++ b/makefu/3modules/opentracker.nix
@@ -18,7 +18,7 @@ let
};
args = mkOption {
- type = types.string;
+ type = types.separatedString;
description = ''
see https://erdgeist.org/arts/software/opentracker/ for all params
'';
diff --git a/makefu/5pkgs/default.nix b/makefu/5pkgs/default.nix
index 0f87265a9..bbd99ffe7 100644
--- a/makefu/5pkgs/default.nix
+++ b/makefu/5pkgs/default.nix
@@ -25,15 +25,15 @@ in {
patches = [ ./custom/quodlibet/single-digit-discnumber.patch
./custom/quodlibet/remove-override-warning.patch ];
});
- rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: {
- postInstall = old.postInstall + ''
+ #rclone = super.pkgs.stdenv.lib.overrideDerivation super.rclone (old: {
+ # postInstall = old.postInstall + ''
- $out/bin/rclone genautocomplete zsh _rclone
- install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone
- $out/bin/rclone genautocomplete bash _rclone
- install -D -m644 _rclone $out/etc/bash_completion.d/rclone
- '';
- });
+ # $out/bin/rclone genautocomplete zsh _rclone
+ # install -D -m644 _rclone $out/share/zsh/vendor-completions/_rclone
+ # $out/bin/rclone genautocomplete bash _rclone
+ # install -D -m644 _rclone $out/etc/bash_completion.d/rclone
+ # '';
+ #});
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
diff --git a/makefu/5pkgs/uhub/default.nix b/makefu/5pkgs/uhub/default.nix
new file mode 100644
index 000000000..66dfebc3b
--- /dev/null
+++ b/makefu/5pkgs/uhub/default.nix
@@ -0,0 +1,48 @@
+{ stdenv, fetchpatch, fetchFromGitHub, cmake, openssl, sqlite, pkgconfig, systemd
+, tlsSupport ? false }:
+
+assert tlsSupport -> openssl != null;
+
+stdenv.mkDerivation rec {
+ pname = "uhub";
+ version = "2019-06-18";
+
+ src = fetchFromGitHub {
+ owner = "janvidar";
+ repo = "uhub";
+ rev = "78a703924064a92cedeb0a5aab5a80d8f77db73e";
+ sha256 = "1dqmj08salhbcdlkglbi03hn9jzgmhjqlb0iysafpzrrwi0mca1z";
+ };
+
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ cmake sqlite systemd ] ++ stdenv.lib.optional tlsSupport openssl;
+
+ outputs = [ "out"
+ "mod_example"
+ "mod_welcome"
+ "mod_logging"
+ "mod_auth_simple"
+ "mod_auth_sqlite"
+ "mod_chat_history"
+ "mod_chat_only"
+ "mod_topic"
+ "mod_no_guest_downloads"
+ ];
+
+ patches = [
+ <nixpkgs/pkgs/servers/uhub/plugin-dir.patch>
+ ];
+
+ cmakeFlags = ''
+ -DSYSTEMD_SUPPORT=ON
+ ${if tlsSupport then "-DSSL_SUPPORT=ON" else "-DSSL_SUPPORT=OFF"}
+ '';
+
+ meta = with stdenv.lib; {
+ description = "High performance peer-to-peer hub for the ADC network";
+ homepage = https://www.uhub.org/;
+ license = licenses.gpl3;
+ maintainers = [ maintainers.ehmry ];
+ platforms = platforms.unix;
+ };
+}
diff --git a/makefu/krops.nix b/makefu/krops.nix
index 36c882d7e..6913a5c63 100644
--- a/makefu/krops.nix
+++ b/makefu/krops.nix
@@ -71,7 +71,7 @@
(lib.mkIf ( host-src.home-manager ) {
home-manager.git = {
url = https://github.com/rycee/home-manager;
- ref = "ff602cb906e3dd5d5f89c7c1d0fae65bc67119a0";
+ ref = "f856c78a4a220f44b64ce5045f228cbb9d4d9f31";
};
})
];